Taran Rampersad wrote:
> When a trade secret becomes public, it's no longer a trade secret.
You'd think so. I thought so. But it doesn't appear to be true.
Third parties who innocently receive a trade secret can in some cases be
informed of the fact they have received a trade secret and then they
have no rights to use or further disclose it. If they use or disclose
it anyway, they can be subject to criminal prosecution for which the
penalty can include high fines and/or jail time.
For example, read paragraph 1, section 2 of the Uniform Trade Secrets
Act <http://nsi.org/Library/Espionage/usta.htm>.
> At a meta level, I view it this way: If there were more trade secrets,
> there would be less silly patents. And it's possible to view the lack
> of support of trade secrets as forcing businesses into patents to
> protect what would have otherwise been trade secrets. There is a
> section of the world which still believes that trade secrets have
> value, and if we want less patents - including lobbying FOR *software
> patents* - encouraging trade secrets might be a good idea. Lobbying
> against software patents is well and good, but reducing the need to do
> so seems like a pretty good idea. If a company cannot use NDA/GPL to
> protect it's trade secrets, and they really think that their secrets
> have value, then they'll hire someone to do proprietary code, and may
> even go as far as patenting the process and even attempting to patent
> the code... Yuck.
>
> Is there a way out of this mess that any of you see?
First, I'm skeptical of the idea that more support for trade secrets
means less software patents. The two tools do different things and
people use them (separately or in combination) for different purposes.
Second, I see both software patents and NDAs as (usually) ethically
problematic. Software patents can make it impossible for anyone but a
few big companies to legally write programs. NDAs get software
engineers to give up their freedom to share-without-criminal-penalty --
in most cases it is unethical for an engineer to do that kind of
thing. So, I would change your question to ask how we can get rid of
both while still helping businesses succeed. How can we do that?
(A) There are other ways to protect secrets that *are* compatible with
the GPL. Performance contracts seem to me to be a better idea:
"Customer will pay Consultant $1 if Consultant has not distributed this
program to anyone else for 1 year." There are still ethical and
practical problems there. A third party, Competitor, may come along
and offer Consultant $2 for an early copy of the program (a practical
problem). Customer will have no recourse against third parties who *do*
get a copy (a practical problem). Consultant can wind up with lots of
conflicts of interest such as whether to help a neighbor or collect $1
(ethical problems). Those issues mean that this approach is applicable
in fewer circumstances than a full-blown NDA. Still, in a lot of
situations, this kind of contract can work reasonably for everyone involved.
(B) There are a lot of cases where secrecy is currently overrated and
transparency undervalued. For example, if a company's product is a
GNU/Linux distribution there is little long-term value in keeping their
production infrastructure secret and customers are better off if that
infrastructure is available for scrutiny and franchising. This implies
a shift in what GNU/Linux distro companies sell and how they
differentiate themselves. Still, this shift is now inevitable. These
companies are beginning to compete against one another (and against
Debian) on their gratis, public projects (Ubuntu, OpenSuSE, Fedora,
OpenLinspire). Quality of product is one axis of competition but (I
predict) openness and transparency will also become a point of
competition until, finally, instead of just a few big-name distros, we
have a public infrastructure from which it is relatively easy for anyone
to assemble a custom distro, distribute it to a few customers, and
support it. There is a paradigm, there, for how patent monopolies and
trade secrets can become less important in general.
(C) One of these days, more free software hackers will rediscover the
virtues of organizing, standardizing employment contracts, standardizing
the base rules that define professional conduct, and engaging in
collective bargaining. On the issue of software patents: of course they
must go and it should violate rules of professional conduct to support
the system other than in the direction of making all software patents
freely licensed for use by anyone. On the issue of NDAs, because they
impinge on an engineer's right to employ their particular skills
ethically, they should be prohibited by the rules of professional
conduct and standard contracts. Conversely, it should certainly be
prohibited by the rules of professional conduct to willfully or
negligently harm a customer by disclosing information that would
normally be kept private except in cases where the consequences of not
disclosing that information would create a proportionately excessive
harm to public safety, human life, human rights, etc. Other
professional fields (e.g., physicians) have had to grow to be self
policing over these tricky issues: hackers should as well.
(D) One of the best ways to change businesses whose model requires
ethically problematic behavior is to compete successfully against them
with superior business models. There is an elegant unfolding of
history here: Mega-corporations are largely built on old practices with
ethical problems. Among their greatest effects on the world have been
outstanding transportation and communication infrastructures and cheap
goods. In these conditions, open source practices and their analogs in
other fields are inevitable. Between that new move to open practices
and the modern possibilities of inventory management and goods
transportation, we should expect (and leverage) the emergence of a new
regimen of confederated small companies displacing mega-corporations.
There shouldn't be just a handful of GNU/Linux companies -- there should
eventually be be tens of thousands. There shouldn't be just a few
factories that make the bulk of the nation's cookies, there should be
lots and lots of tiny ones. The economies of scale enjoyed by
mega-corps are increasingly accessible to small businesses again.
Among the effects of confederated small companies can be better pay and
working conditions for workers and greater robustness to the economy as
a whole. In a condition of lots of confederated small companies
patents and secrets won't disappear but will certainly become less
important.
-t

Taran Rampersad wrote:

When a
trade secret becomes public, it's no longer a trade secret.

You'd think so. I thought so. But it doesn't appear to be true.

Third parties who innocently receive a trade secret can in some cases
be informed of the fact they have received a trade secret and then they
have no rights to use or further disclose it. If they use or disclose
it anyway, they can be subject to criminal prosecution for which the
penalty can include high fines and/or jail time.

At a
meta level, I view it this way: If there were more trade secrets, there
would be less silly patents. And it's possible to view the lack of
support of trade secrets as forcing businesses into patents to protect
what would have otherwise been trade secrets. There is a section of the
world which still believes that trade secrets have value, and if we
want less patents - including lobbying FOR *software patents* -
encouraging trade secrets might be a good idea. Lobbying against
software patents is well and good, but reducing the need to do so seems
like a pretty good idea. If a company cannot use NDA/GPL to protect
it's trade secrets, and they really think that their secrets have
value, then they'll hire someone to do proprietary code, and may even
go as far as patenting the process and even attempting to patent the
code... Yuck.

Is there a way out of this mess that any of you see?

First, I'm skeptical of the idea that more support for trade secrets
means less software patents. The two tools do different things and
people use them (separately or in combination) for different
purposes.

Second, I see both software patents and NDAs as (usually) ethically
problematic. Software patents can make it impossible for anyone but a
few big companies to legally write programs. NDAs get software
engineers to give up their freedom to share-without-criminal-penalty --
in most cases it is unethical for an engineer to do that kind of
thing. So, I would change your question to ask how we can get rid of
both while still helping businesses succeed. How can we do that?

(A) There are other ways to protect secrets that *are* compatible with
the GPL. Performance contracts seem to me to be a better idea:
"Customer will pay Consultant $1 if Consultant has not distributed this
program to anyone else for 1 year." There are still ethical and
practical problems there. A third party, Competitor, may come along
and offer Consultant $2 for an early copy of the program (a practical
problem). Customer will have no recourse against third parties who
*do* get a copy (a practical problem). Consultant can wind up with
lots of conflicts of interest such as whether to help a neighbor or
collect $1 (ethical problems). Those issues mean that this approach
is applicable in fewer circumstances than a full-blown NDA. Still, in
a lot of situations, this kind of contract can work reasonably for
everyone involved.

(B) There are a lot of cases where secrecy is currently overrated and
transparency undervalued. For example, if a company's product is a
GNU/Linux distribution there is little long-term value in keeping their
production infrastructure secret and customers are better off if that
infrastructure is available for scrutiny and franchising. This implies
a shift in what GNU/Linux distro companies sell and how they
differentiate themselves. Still, this shift is now inevitable. These
companies are beginning to compete against one another (and against
Debian) on their gratis, public projects (Ubuntu, OpenSuSE, Fedora,
OpenLinspire). Quality of product is one axis of competition but (I
predict) openness and transparency will also become a point of
competition until, finally, instead of just a few big-name distros, we
have a public infrastructure from which it is relatively easy for
anyone to assemble a custom distro, distribute it to a few customers,
and support it. There is a paradigm, there, for how patent monopolies
and trade secrets can become less important in general.

(C) One of these days, more free software hackers will rediscover the
virtues of organizing, standardizing employment contracts,
standardizing the base rules that define professional conduct, and
engaging in collective bargaining. On the issue of software patents:
of course they must go and it should violate rules of professional
conduct to support the system other than in the direction of making all
software patents freely licensed for use by anyone. On the issue of
NDAs, because they impinge on an engineer's right to employ their
particular skills ethically, they should be prohibited by the rules of
professional conduct and standard contracts. Conversely, it should
certainly be prohibited by the rules of professional conduct to
willfully or negligently harm a customer by disclosing information that
would normally be kept private except in cases where the consequences
of not disclosing that information would create a proportionately
excessive harm to public safety, human life, human rights, etc. Other
professional fields (e.g., physicians) have had to grow to be self
policing over these tricky issues: hackers should as well.

(D) One of the best ways to change businesses whose model requires
ethically problematic behavior is to compete successfully against them
with superior business models. There is an elegant unfolding of
history here: Mega-corporations are largely built on old practices
with ethical problems. Among their greatest effects on the world have
been outstanding transportation and communication infrastructures and
cheap goods. In these conditions, open source practices and their
analogs in other fields are inevitable. Between that new move to open
practices and the modern possibilities of inventory management and
goods transportation, we should expect (and leverage) the emergence of
a new regimen of confederated small companies displacing
mega-corporations. There shouldn't be just a handful of GNU/Linux
companies -- there should eventually be be tens of thousands. There
shouldn't be just a few factories that make the bulk of the nation's
cookies, there should be lots and lots of tiny ones. The economies of
scale enjoyed by mega-corps are increasingly accessible to small
businesses again. Among the effects of confederated small companies
can be better pay and working conditions for workers and greater
robustness to the economy as a whole. In a condition of lots of
confederated small companies patents and secrets won't disappear but
will certainly become less important.